TCR Security & Compliance LogoTCR Security & Compliance
Back to Home

Privacy Policy

TCR Security & Compliance is committed to protecting your privacy and maintaining the highest standards of data security in accordance with industry regulations and best practices.

Last Updated: December 2024

Overview

This Privacy Policy describes how TCR Security & Compliance ("TCR," "we," "us," or "our") collects, uses, and protects your personal information when you visit our website, use our services, or interact with us in connection with our IT consulting and compliance services for regulated industries.

As a provider of compliance and security services to highly regulated industries including healthcare, biotechnology, pharmaceutical, and medical technology sectors, we understand the critical importance of data protection and privacy. Our practices are designed to meet or exceed requirements under HIPAA, GDPR, SOC 2, and other applicable privacy regulations.

Information We Collect

Personal Information You Provide

  • Contact Information: Name, email address, phone number, company name, job title
  • Assessment Data: Responses to compliance assessments, organizational information, industry details
  • Communication Records: Messages, consultation requests, support inquiries
  • Professional Information: Industry sector, compliance requirements, organizational size

Information Collected Automatically

  • Usage Data: Pages visited, time spent on site, referral sources
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Tracking: Session cookies, analytics cookies, preference settings

How We Use Your Information

Service Delivery

Providing compliance consulting, IT strategy, risk assessments, and other professional services tailored to your organization's needs.

Communication

Responding to inquiries, scheduling consultations, providing updates on services, and delivering assessment results.

Assessment and Analysis

Analyzing compliance gaps, risk levels, and organizational needs to provide personalized recommendations and implementation roadmaps.

Website Improvement

Analyzing usage patterns to improve our website functionality, user experience, and service offerings.

Legal Compliance

Meeting regulatory requirements, responding to legal requests, and protecting our rights and interests.

Information Sharing and Disclosure

We Do Not Sell Personal Information

TCR does not sell, rent, or trade your personal information to third parties for marketing purposes.

Limited Sharing Circumstances

  • Service Providers: Trusted third-party vendors who assist in website hosting, analytics, and communication tools, bound by confidentiality agreements
  • Legal Requirements: When required by law, court order, or to protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)
  • Consent: With your explicit consent for specific purposes

Data Security and Protection

As cybersecurity and compliance experts, we implement industry-leading security measures to protect your personal information:

Technical Safeguards

  • • SSL/TLS encryption for data transmission
  • • Encrypted data storage
  • • Multi-factor authentication
  • • Regular security assessments

Administrative Controls

  • • Access controls and user permissions
  • • Employee training and background checks
  • • Incident response procedures
  • • Regular compliance audits

Note: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We continuously monitor and improve our security practices to maintain the highest level of protection.

Your Privacy Rights

Under GDPR (EU Residents)

Right to access your data
Right to rectification
Right to erasure
Right to data portability
Right to object to processing
Right to restrict processing

Under CCPA (California Residents)

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale (we do not sell personal information)
Right to non-discrimination for exercising privacy rights

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@tcrsecurity.com or use our contact form. We will respond to your request within the timeframes required by applicable law.

We may need to verify your identity before processing your request to protect your personal information.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and analyze usage patterns.

Essential Cookies

Required for website functionality, security, and user authentication. These cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website to improve user experience. You can opt-out of these.

Preference Cookies

Remember your settings and preferences to provide a personalized experience.

You can manage cookie preferences through your browser settings or by contacting us directly.

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods

  • Contact Information: Retained while you remain a client or prospect, plus 3 years after last contact
  • Assessment Data: Retained for 5 years to support ongoing compliance consulting
  • Website Analytics: Aggregated data retained for 2 years
  • Communication Records: Retained for 7 years for business and legal purposes

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention and destruction policies.

International Data Transfers

TCR is based in the United States. If you are accessing our services from outside the US, please be aware that your information may be transferred to, stored, and processed in the United States.

Safeguards for International Transfers

  • • Standard Contractual Clauses (SCCs) for EU data transfers
  • • Adequacy decisions where applicable
  • • Binding Corporate Rules for internal transfers
  • • Explicit consent where required

Policy Updates and Contact Information

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notifications for significant changes
  • Providing notice during your next interaction with our services

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

TCR Security & Compliance

Privacy Officer

Email: privacy@tcrsecurity.com

Phone: 1-800-TCR-SECURE

Address: Available upon request for privacy-related inquiries

Questions About Our Privacy Practices?

Our privacy team is here to help. Contact us for any questions about how we protect and handle your personal information.